x/packstack
Code Issues Proposed changes

Remove FWaaS deployment

Browse Source 
FWaaS is being retired upstream during Victoria release, so we need to
remove it from packstack options.

[1] https://review.opendev.org/#/c/735829/

Change-Id: I9808793db64f9e4ad6d2af818d52378f04d03456
This commit is contained in:
Alfredo Moralejo 2020-06-18 15:31:22 +02:00
parent 08a67720db
commit df280619e5
10 changed files with 9 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/packstack.rst
View File

@ -784,9 +784,6 @@ Neutron config
**CONFIG_NEUTRON_METERING_AGENT_INSTALL** **CONFIG_NEUTRON_METERING_AGENT_INSTALL**
Specify 'y' to install OpenStack Networking's L3 Metering agent ['y', 'n'] Specify 'y' to install OpenStack Networking's L3 Metering agent ['y', 'n']
**CONFIG_NEUTRON_FWAAS**
Specify 'y' to configure OpenStack Networking's Firewall-as-a-Service (FWaaS). ['y', 'n']
**CONFIG_NEUTRON_VPNAAS** **CONFIG_NEUTRON_VPNAAS**
Specify 'y' to configure OpenStack Networking's VPN-as-a-Service (VPNaaS). ['y', 'n'] Specify 'y' to configure OpenStack Networking's VPN-as-a-Service (VPNaaS). ['y', 'n']

3
packstack/plugins/dashboard_500.py
View File

@ -193,12 +193,9 @@ def create_manifest(config, messages):
% (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))
config["CONFIG_HORIZON_NEUTRON_LB"] = False config["CONFIG_HORIZON_NEUTRON_LB"] = False
config["CONFIG_HORIZON_NEUTRON_FW"] = False
config["CONFIG_HORIZON_NEUTRON_VPN"] = False config["CONFIG_HORIZON_NEUTRON_VPN"] = False
if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config['CONFIG_NEUTRON_INSTALL'] == 'y':
if config["CONFIG_NEUTRON_FWAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_FW"] = True
if config["CONFIG_NEUTRON_VPNAAS"] == 'y': if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
config["CONFIG_HORIZON_NEUTRON_VPN"] = True config["CONFIG_HORIZON_NEUTRON_VPN"] = True

23
packstack/plugins/neutron_350.py
View File

@ -102,18 +102,6 @@ def initConfig(controller):
"NEED_CONFIRM": False, "NEED_CONFIRM": False,
"CONDITION": False}, "CONDITION": False},
{"CMD_OPTION": "neutron-fwaas",
"PROMPT": "Would you like to configure neutron FWaaS?",
"OPTION_LIST": ["y", "n"],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": "n",
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_NEUTRON_FWAAS",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "os-neutron-vpnaas-install", {"CMD_OPTION": "os-neutron-vpnaas-install",
"PROMPT": "Would you like to configure neutron VPNaaS?", "PROMPT": "Would you like to configure neutron VPNaaS?",
"OPTION_LIST": ["y", "n"], "OPTION_LIST": ["y", "n"],
@ -445,7 +433,7 @@ def initConfig(controller):
"USE_DEFAULT": False, "USE_DEFAULT": False,
"NEED_CONFIRM": False, "NEED_CONFIRM": False,
"CONDITION": False, "CONDITION": False,
"MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS or FWaaS services. " "MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. "
"Geneve will be used as the encapsulation method for tenant networks"), "Geneve will be used as the encapsulation method for tenant networks"),
"MESSAGE_VALUES": ["ovn"]}, "MESSAGE_VALUES": ["ovn"]},
@ -550,8 +538,7 @@ def initSequences(controller):
if ('geneve' not in config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS']): if ('geneve' not in config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS']):
config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS'] += ', geneve' config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS'] += ', geneve'
config['CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'] = 'geneve' config['CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'] = 'geneve'
# VPNaaS and FWaaS are not supported with OVN # VPNaaS is not supported with OVN
config['CONFIG_NEUTRON_FWAAS'] = 'n'
config['CONFIG_NEUTRON_VPNAAS'] = 'n' config['CONFIG_NEUTRON_VPNAAS'] = 'n'
config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] = 'n' config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] = 'n'
# When using OVN we need to create the same L2 infrastucture as # When using OVN we need to create the same L2 infrastucture as
@ -734,12 +721,6 @@ def create_manifests(config, messages):
if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y': if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
service_plugins.append('metering') service_plugins.append('metering')
if config['CONFIG_NEUTRON_FWAAS'] == 'y':
service_plugins.append('firewall_v2')
fwaas_sp = ('FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.'
'service_drivers.agents.agents.FirewallAgentDriver:default')
service_providers.append(fwaas_sp)
if config['CONFIG_NEUTRON_VPNAAS'] == 'y': if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
service_plugins.append('vpnaas') service_plugins.append('vpnaas')
vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.' vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'

1
packstack/puppet/modules/packstack/manifests/horizon.pp
View File

@ -34,7 +34,6 @@ class packstack::horizon ()
horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef), horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef),
horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef), horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef),
neutron_options => { neutron_options => {
'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'),
'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'), 'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'),
'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'), 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'),
}, },

2
packstack/puppet/modules/packstack/manifests/neutron/api.pp
View File

@ -8,7 +8,6 @@ class packstack::neutron::api ()
$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW') $neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW')
$neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" $neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}"
$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW') $neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW')
$neutron_fwaas_enabled = str2bool(hiera('CONFIG_NEUTRON_FWAAS'))
$neutron_vpnaas_enabled = str2bool(hiera('CONFIG_NEUTRON_VPNAAS')) $neutron_vpnaas_enabled = str2bool(hiera('CONFIG_NEUTRON_VPNAAS'))
class { '::neutron::keystone::authtoken': class { '::neutron::keystone::authtoken':
@ -26,7 +25,6 @@ class packstack::neutron::api ()
api_workers => hiera('CONFIG_SERVICE_WORKERS'), api_workers => hiera('CONFIG_SERVICE_WORKERS'),
rpc_workers => hiera('CONFIG_SERVICE_WORKERS'), rpc_workers => hiera('CONFIG_SERVICE_WORKERS'),
service_providers => hiera_array('SERVICE_PROVIDERS'), service_providers => hiera_array('SERVICE_PROVIDERS'),
ensure_fwaas_package => $neutron_fwaas_enabled,
ensure_vpnaas_package => $neutron_vpnaas_enabled, ensure_vpnaas_package => $neutron_vpnaas_enabled,
} }

8
packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp
View File

@ -1,8 +0,0 @@
class packstack::neutron::fwaas ()
{
class { '::neutron::services::fwaas':
enabled => true,
agent_version => 'v2',
driver => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver',
}
}

12
packstack/puppet/modules/packstack/manifests/neutron/l3.pp
View File

@ -5,23 +5,11 @@ class packstack::neutron::l3 ()
default => true default => true
} }
$neutron_fwaas_enabled = str2bool(hiera('CONFIG_NEUTRON_FWAAS'))
if $neutron_fwaas_enabled {
$extensions = 'fwaas_v2'
} else {
$extensions = undef
}
class { '::neutron::agents::l3': class { '::neutron::agents::l3':
interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'),
manage_service => $start_l3_agent, manage_service => $start_l3_agent,
enabled => $start_l3_agent, enabled => $start_l3_agent,
debug => hiera('CONFIG_DEBUG_MODE'), debug => hiera('CONFIG_DEBUG_MODE'),
extensions => $extensions
}
if defined(Class['neutron::services::fwaas']) {
Class['neutron::services::fwaas'] -> Class['neutron::agents::l3']
} }
sysctl::value { 'net.ipv4.ip_forward': sysctl::value { 'net.ipv4.ip_forward':

3
packstack/puppet/templates/network.pp
View File

@ -19,9 +19,6 @@ if hiera('CONFIG_NEUTRON_INSTALL') == 'y' {
if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' { if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' {
include '::packstack::neutron::vpnaas' include '::packstack::neutron::vpnaas'
} }
if hiera('CONFIG_NEUTRON_FWAAS') == 'y' {
include '::packstack::neutron::fwaas'
}
if hiera('CONFIG_NEUTRON_L2_AGENT') != 'ovn' { if hiera('CONFIG_NEUTRON_L2_AGENT') != 'ovn' {
include '::packstack::neutron::l3' include '::packstack::neutron::l3'
} }

7
releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml Normal file
View File

@ -0,0 +1,7 @@
---
prelude: >
Neutron FWaaS has been removed in Victoria release.
other:
- |
Packstack does not longer support deployment of Neutron FWaaS extension as it
has been removed upstream. Option CONFIG_NEUTRON_FWAAS has been removed.

1
tests/scenario002.sh
View File

@ -41,7 +41,6 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
--os-neutron-vpnaas-install=n \ --os-neutron-vpnaas-install=n \
--os-sahara-install=y \ --os-sahara-install=y \
--os-trove-install=y \ --os-trove-install=y \
--neutron-fwaas=y \
--nova-libvirt-virt-type=qemu \ --nova-libvirt-virt-type=qemu \
--provision-uec-kernel-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-vmlinuz" \ --provision-uec-kernel-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-vmlinuz" \
--provision-uec-ramdisk-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-initrd" \ --provision-uec-ramdisk-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-initrd" \